An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
Cisco Linksys PlayerPT 1.0.0.15 is vulnerable; other versions may also be affected.